12 matches found
EUVD-2024-0944
Malicious code in bioql PyPI...
CVE-2024-29186 Slow String Operations via MultiPart Requests in Event-Driven Functions
Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. When Bref prior to version 2.1.17 is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...
CVE-2024-29186 Slow String Operations via MultiPart Requests in Event-Driven Functions
Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. When Bref prior to version 2.1.17 is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...
GHSA-J4HQ-F63X-F39R Slow String Operations via MultiPart Requests in Event-Driven Functions
Impacted Resources bref/src/Event/Http/Psr7Bridge.php:94-125 multipart-parser/src/StreamedPart.php:383-418 Description When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...
Slow String Operations via MultiPart Requests in Event-Driven Functions
Impacted Resources bref/src/Event/Http/Psr7Bridge.php:94-125 multipart-parser/src/StreamedPart.php:383-418 Description When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...
Denial Of Service (DoS)
Bref is vulnerable to Denial Of Service DoS. The vulnerability is due to improper clean up of temporary files after processing a MultiPart requests when the Event-Driven Function runtime is utilized and the handler is a RequestHandlerInterface. This allows an attacker to fill the Lambda instance...
GHSA-X4HH-FRX8-98R5 Bref's Uploaded Files Not Deleted in Event-Driven Functions
Impacted Resources bref/src/Event/Http/Psr7Bridge.php:94-125 Description When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each...
Bref's Uploaded Files Not Deleted in Event-Driven Functions
Impacted Resources bref/src/Event/Http/Psr7Bridge.php:94-125 Description When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each...
CVE-2024-24754
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content...
CVE-2024-24754 Bref Body Parsing Inconsistency in Event-Driven Functions
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content...
CVE-2024-24754
Summary: The CVE concerns Bref running PHP on AWS Lambda with the Event-Driven Function runtime. When the Lambda event is converted to a PSR-7 request, multipart form data parts are parsed into nested arrays; specifically, keys ending with an open bracket (for example key0[key1][key2][) are treat...
CVE-2024-24752 Bref Uploaded Files Not Deleted in Event-Driven Functions
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and for each whic...